﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

namespace Sherwood.SignOn.Client.Session
{
    /// <summary>
    /// Interface for a persistent store for recording local sessions.
    /// By using a persistent store, sessions can be removed accross application boundaries (IIS processes) which is
    /// necessary for single-sign-off.
    /// </summary>
    public interface ISessionRepository
    {
        /// <summary>
        /// Identifier of the client using the repository.
        /// By specifying an identifier which is only known by the client, the client can ensure that other clients
        /// will have difficulty accessing session records from a common underlying session store.
        /// </summary>
        string ClientIdentifier { get; set; }

        /// <summary>
        /// Registers a new (unactivated) session and returns the session identifier
        /// </summary>
        /// <returns>New session identifier</returns>
        string CreateSession();

        /// <summary>
        /// Validates the session identifier and activates the session.
        /// A session identifier is not valid in this context if the session has already been activated.
        /// </summary>
        /// <param name="sessionId">Client session identifier</param>
        /// <returns>True if identifier could be validated and session already exists, otherwise false.</returns>
        bool ActivateSession(string sessionId);

        /// <summary>
        /// Check if a session exists in the session registery (this includes both activated and non activated sessions)
        /// </summary>
        /// <param name="sessionId">Client session identifier</param>
        /// <returns>True if session still exists, False if session has been removed or is expired.</returns>
        bool SessionExists(string sessionId);

        /// <summary>
        /// Check if a session still exists and has not expired.
        /// </summary>
        /// <param name="sessionId">Client session identifier</param>
        /// <returns>True if session still exists and has been activated, False if session has been removed or is expired.</returns>
        bool SessionActive(string sessionId);

        /// <summary>
        /// Stores the profile information (in xml format) with the session.
        /// </summary>
        /// <param name="sessionId"></param>
        /// <param name="profileXml"></param>
        void StoreProfile(string sessionId, string profileXml);

        /// <summary>
        /// Remove session from repository. This method should be called as part of the single sign off process.
        /// </summary>
        /// <param name="sessionId">Client session identifier</param>
        void DeleteSession(string sessionId);

        /// <summary>
        /// Clean up any expired sessions. This could for example be called on application_start.
        /// </summary>
        void CleanUp();

    }
}
